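// Fragment of a registration handler: the `if (...) {` that opens this submit branch lies before this excerpt.
    // Compare the posted CAPTCHA value with the one kept in the session
    // (what happens on a mismatch is decided inside _check_code, not shown here).
    _check_code($_POST['yzm'], $_SESSION['code']);

    // Validation helpers for the registration form.
    include root . 'includes/register.php';

    // Holds the value of every form field once it has been checked.
    $_clear = array();

    // Each helper returns the checked string, which is stored under the matching key
    // (validate, then assign).
    // The per-form unique identifier guards against automated/malicious registration
    // and cross-site form submission: the posted token must match the session token.
    $_clear['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    $_clear['active'] = _sha1_uniqid();
    $_clear['username'] = _check_username($_POST['username']);
    $_clear['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
    $_clear['question'] = _check_questions($_POST['passt'], 4, 20);
    $_clear['anwser'] = _check_anwser($_POST['passt'], $_POST['passd'], 4, 20);

    // Fixed: these two were written to an undeclared `$_clean` array, so they never
    // reached `$_clear` with the other fields.
    // NOTE(review): unlike every other field they are copied from $_POST with no check
    // visible here — validate them against the allowed values (or escape them) before
    // they are used in SQL or echoed into HTML.
    $_clear['sex'] = $_POST['sex'];
    $_clear['face'] = $_POST['face'];

    $_clear['email'] = _check_email($_POST['email']);
    $_clear['qq'] = _check_qq($_POST['qq']);
    $_clear['url'] = _check_url($_POST['url']);

    // NOTE(review): debug dump of the collected fields (password entry included);
    // remove before this page is served to real users.
    print_r($_clear);
} else {
    // Before the form is submitted.
    // The identifier later stored in the database has a second use: cookie login
    // verification, i.e. checking that the cookie's identifier equals the stored one.
    $_SESSION['uniqid'] = $_uniqid = _sha1_uniqid();
    // NOTE(review): prints the anti-forgery token as visible page output; looks like
    // debugging output — confirm it is not needed outside the hidden form field.
    echo $_SESSION['uniqid'];
}

// Unique identifier: uniqid() takes two arguments — the first (here rand()) is a
// prefix, the second (true/false) controls whether the extra fractional part is appended.
// The result is then hashed with md5() (32 hex characters) or sha1() (40 hex characters).
// NOTE(review): rand() and uniqid() are time/PRNG based and predictable; hashing does not
// add entropy. A CSPRNG such as random_bytes() is the safer source where PHP >= 7 is available.
//echo md5(uniqid(rand(),true ));
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">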
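// Fragment of a registration handler: the `if (...) {` that opens this submit branch lies before this excerpt.
    // Compare the posted CAPTCHA value with the one kept in the session
    // (mismatch handling is inside _checkcode, not shown here).
    _checkcode($_POST['code'], $_SESSION['code']);

    // Function library with the registration checks/filters.
    include ROOT_PATH . 'includes/check.func.php';

    // Array holding the data submitted by the form.
    $clean = array();

    // Activation id.
    // NOTE(review): uniqid() and rand() are predictable inputs and sha1() adds no entropy;
    // prefer a CSPRNG (e.g. bin2hex(random_bytes(20)), PHP >= 7) for a token that gates
    // account activation.
    $clean['active'] = sha1(uniqid(rand(), true));
    // The posted form token must match the one issued to this session.
    $clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    $clean['username'] = _check_username($_POST['username'], 2, 20);
    // NOTE(review): how _check_password transforms the password is not visible here;
    // confirm the stored value is a salted password hash, not a bare digest.
    $clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
    $clean['sex'] = _mysql_string($_POST['sex']);
    $clean['facesrc'] = _mysql_string($_POST['facesrc']);
    $clean['passt'] = _check_pwd_question($_POST['passt'], 2, 8);
    $clean['passd'] = _check_pwd_answer($_POST['passt'], $_POST['passd'], 2, 8);
    $clean['email'] = _check_email($_POST['email'], 6, 40);
    $clean['qq'] = _check_qq($_POST['qq']);
    $clean['url'] = _check_url($_POST['url']);

    // NOTE(review): both queries below are built by string interpolation, so they are
    // only as safe as the escaping done inside each _check_* / _mysql_string helper
    // (not shown). Prepared statements with bound parameters would remove that dependency.

    // Prevent duplicate registration.
    // Fixed: the username placeholder in this query was garbled ('******'username']}');
    // restored to the same interpolation the INSERT below uses.
    _is_repeat("SELECT * FROM tg_user WHERE tg_username = '{$clean['username']}'", "用户名重复,请重新注册!");

    // Insert the new account. The string is split per column for readability; the
    // concatenated SQL text is unchanged.
    _query(
        "INSERT INTO tg_user (\r\n"
        . " tg_uniqid,\r\n"
        . " tg_username,\r\n"
        . " tg_password,\r\n"
        . " tg_question,\r\n"
        . " tg_answer,\r\n"
        . " tg_email,\r\n"
        . " tg_qq,\r\n"
        . " tg_url,\r\n"
        . " tg_active,\r\n"
        . " tg_sex,\r\n"
        . " tg_face,\r\n"
        . " tg_reg_time,\r\n"
        . " tg_last_time,\r\n"
        . " tg_last_ip\r\n"
        . " ) values (\r\n"
        . " '{$clean['uniqid']}',\r\n"
        . " '{$clean['username']}',\r\n"
        . " '{$clean['password']}',\r\n"
        . " '{$clean['passt']}',\r\n"
        . " '{$clean['passd']}',\r\n"
        . " '{$clean['email']}',\r\n"
        . " '{$clean['qq']}',\r\n"
        . " '{$clean['url']}',\r\n"
        . " '{$clean['active']}',\r\n"
        . " '{$clean['sex']}',\r\n"
        . " '{$clean['facesrc']}',\r\n"
        . " NOW(),\r\n"
        . " NOW(),\r\n"
        . " '{$_SERVER['REMOTE_ADDR']}'\r\n"
        . " )"
    );

    // Read the row count before the connection is closed, then do the cleanup that
    // both outcomes share once instead of repeating it in each branch.
    $inserted = (_affect_rows() == 1);
    _closeDB();
    _session_destroy();

    if (!$inserted) {
        _location("注册失败,请重新注册!", 'register.php');
    } else {
        // NOTE(review): the activation token is handed straight back in the redirect URL,
        // so it does not prove control of the e-mail address — confirm this is intended.
        _location("恭喜您,注册成功,点击跳转到激活页面!", 'active.php?active=' . $clean['active']);
    }
} else {
    // Generate the uniqid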